[ale] bastille linux?

[jenn at colormaria.com]

I've used Bastille to do some generic hardening of all of my systems, since
it gives a nice front-end to many tasks I used to have to remember to run
various scripts to do.  It does a good job on the suid's, and is nice and
verbose trying to explain what it's doing so that you don't just click
blindly through the setup.

It's a nice little program, but you'll want to make sure you understand what
it's doing and what changes it's making to your system (good practice for
any program, esp one to which you're entrusting your security IMHO).  If
you're not a shell script wizard, the script it uses to set up the IPtables
is a bit much to wade thru if it does something that you don't want it to
do, or if its rules conflict with your own.  OTOH, it's most excellent if
you don't need anything special, just open or close a port in the config
script and restart the firewall, and all is well and reasonably secure.  

As long as you don't consider it the end of your security road, Bastille
goes a long, long way to making a linux box more secure. I'd combine it at
least with portsentry and some other psionic tools.  

Cheers
jenn


> 
> 
> On Monday 10 December 2001 09:15, John Wells wrote:
>  Can anyone comment on bastille?  I'm considering it
>> for use on my firewall/router and am looking for some
>> feedback.
>>
>> Thanks,
>> John
>>



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.